ET MALWARE Win32/Ficker Stealer Activity
Sourceet/open
CreatedOctober 21, 2020
UpdatedOctober 21, 2020
Classificationtrojan-activity
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Win32/Ficker Stealer Activity"; flow:established,to_client; dsize:41; content:"|00 27 00 00 00 01 00 00 00 15 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 65 73 6b 74 6f 70 00 00 00 05 2a 2e 74 78 74 05|"; fast_pattern; reference:url,twitter.com/executemalware/status/1318689700882821120; reference:md5,aac706fe42b4a03cac17330bfcd8d9ea; classtype:trojan-activity; sid:2031074; rev:1; metadata:attack_target Client_Endpoint, created_at 2020_10_21, deployment Perimeter, malware_family Win32_Ficker, performance_impact Low, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_10_21;)
References
| url | twitter.com/executemalware/status/1318689700882821120 |
| md5 | aac706fe42b4a03cac17330bfcd8d9ea |
Metadata
attack targetClient_Endpoint
created at2020_10_21
deploymentPerimeter
malware familyWin32_Ficker
performance impactLow
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2020_10_21
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!